This repository has been archived by the owner on Nov 1, 2017. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/master' into rspec-acceptance
* origin/master: formatting Use base64 from forge Fix typo reverting changes to db/schema.rb add/delete files moving to forge for aes Add info on joining the core team draft of core team docs
Showing 4 changed files with 55 additions and 41 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,32 @@ | ||
#= require aes | ||
|
||
class @ItemKey | ||
# FIXME: replace with forge | ||
@cipher: CryptoJS.AES | ||
@bytes: 64 | ||
@cipher: forge.aes | ||
@key_size: 256 / 8 | ||
|
||
@generate: -> | ||
forge.random.getBytes(@bytes) | ||
forge.random.getBytes(@key_size) | ||
|
||
constructor: (@key) -> | ||
|
||
encrypt: (data) -> | ||
@constructor.cipher.encrypt(JSON.stringify(data), @key).toString() | ||
iv = forge.random.getBytes(16) | ||
buffer = forge.util.createBuffer(JSON.stringify(data)) | ||
cipher = @constructor.cipher.startEncrypting(@key, iv) | ||
|
||
cipher.update(buffer) | ||
cipher.finish() | ||
ciphertext = cipher.output.data | ||
|
||
JSON.stringify | ||
iv : forge.util.encode64(iv) | ||
data: forge.util.encode64(ciphertext) | ||
|
||
decrypt: (data) -> | ||
result = @constructor.cipher.decrypt(data, @key) | ||
JSON.parse(result.toString(CryptoJS.enc.Utf8)) | ||
params = JSON.parse(data) | ||
iv = forge.util.decode64(params['iv']) | ||
ciphertext = forge.util.decode64(params['data']) | ||
buffer = forge.util.createBuffer(ciphertext) | ||
cipher = forge.aes.startDecrypting(@key, iv) | ||
|
||
cipher.update(buffer) | ||
cipher.finish() | ||
JSON.parse(cipher.output.data) |
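Review bot: in decrypt, the return value of cipher.finish() is ignored and the payload built in encrypt carries only iv and data with no MAC, so a modified or truncated blob reaches JSON.parse(cipher.output.data) without any integrity check. Check finish() and raise when it returns false, and add an HMAC over the iv plus ciphertext (verified before decrypting) or switch to an authenticated mode. Smaller points: decrypt calls forge.aes.startDecrypting directly while encrypt goes through @constructor.cipher; forge.util.createBuffer(JSON.stringify(data)) is called without an encoding, so item text with characters above U+00FF may not round-trip unless it is passed as 'utf8' and decoded with forge.util.decodeUtf8 on the way out. The key length also moves from @bytes: 64 to @key_size: 256 / 8 and the stored format changes to a JSON object, so the change should say how existing keys and items are migrated.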
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Core Team | ||
|
||
Swordfish is built and maintained by volunteers with a desire to increase security amongst teams without adding unnecessary overhead for individuals. | ||
|
||
## Areas of Need | ||
|
||
There are several areas of expertise needed to make Swordfish successful. | ||
|
||
* **JavaScript** - Most of the front application is written in JavaScript (well, CoffeeScript), built around [Backbone.js](http://backbonejs.org) and uses many other libraries. | ||
* **Ruby** - The API is a relatively small Ruby on Rails application, tested with RSpec and Cucumber, with data persisted in MongoDB. | ||
* **Design** | ||
* **Cryptography** - The application uses AES to encrypt items, and then encrypts the item key with an RSA key for each user. | ||
* **Security** - Strong cryptography is useless if there are simple exploits in other parts of the application. | ||
|
||
## Responsibilities | ||
|
||
* Review, discuss and merge [pull requests](https://github.com/github/swordfish/pulls) | ||
* Offer feedback on [Issues](https://github.com/github/swordfish/issues) and [mailing list discussions](https://groups.google.com/group/swordfishapp) | ||
* Be a decent human being | ||
* Give a damn | ||
|
||
## Joining the team | ||
|
||
Send a 2,000 word essay on why you think you would be a good fit for the core team, along with a portrait and profile photograph to…just kidding. | ||
|
||
Just get involved. Send a pull request, comment on an issue, or participate in a discussion. If you are still interested in joining the core team after you've been involved for a few weeks, then get in touch with [Brandon Keepers](http://github.com/bkeepers). | ||
|
||
## Members | ||
|
||
* [Brandon Keepers](http://github.com/bkeepers) |
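Review bot: in the Areas of Need list, the **Design** bullet is the only one without a description, so a reader cannot tell what kind of design help is wanted; add a one-line description like the other bullets have. Also, "Most of the front application" reads as if a word is missing (front-end?), and both Brandon Keepers links use http://github.com/bkeepers while the pull request and issue links in the same file use https.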
This file was deleted.